Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 881413 (CVE-2022-2601, CVE-2022-3775)

Summary: <sys-boot/grub-2.06-r4: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: base-system, floppym
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html
Whiteboard: B1 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 881821    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-15 18:31:44 UTC 
B given these are only really problems with secureboot
on, which is probably a minority of users. Patches at URL, unsure if
merged yet.
Comment 1 Larry the Git Cow gentoo-dev 2022-11-16 00:43:49 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f808be26f24a5d938efb272e2d98cd5aa05ecda

commit 7f808be26f24a5d938efb272e2d98cd5aa05ecda
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2022-11-16 00:29:40 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2022-11-16 00:29:40 +0000

    sys-boot/grub: backport security fixes
    
    Bug: https://bugs.gentoo.org/881413
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-boot/grub/Manifest            |   1 +
 sys-boot/grub/grub-2.06-r4.ebuild | 330 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 331 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-16 15:12:48 UTC 
Thanks! Please stabilize when ready.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-02 17:35:13 UTC 
Please cleanup
Comment 4 Larry the Git Cow gentoo-dev 2022-12-20 18:13:39 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd4f54570ed7c6d99beb16cc2b2b841c30a5a09b

commit dd4f54570ed7c6d99beb16cc2b2b841c30a5a09b
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2022-12-20 18:10:40 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2022-12-20 18:12:54 +0000

    sys-boot/grub: drop 2.06-r3
    
    Bug: https://bugs.gentoo.org/881413
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-boot/grub/Manifest            |   1 -
 sys-boot/grub/grub-2.06-r3.ebuild | 331 --------------------------------------
 2 files changed, 332 deletions(-)
Comment 5 Larry the Git Cow gentoo-dev 2023-11-25 11:19:26 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=4c466f4d082dba9c6c82b370699194bb99c93843

commit 4c466f4d082dba9c6c82b370699194bb99c93843
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-25 11:18:39 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-25 11:19:17 +0000

    [ GLSA 202311-14 ] GRUB: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/881413
    Bug: https://bugs.gentoo.org/915187
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-14.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)